Commit graph

7 commits

Author SHA1 Message Date
Dan Brown
f021823287
Updated default value for secure session detection
Updated default value for APP_URL so that the startsWith call is not
passed null, since that causes deprecation notice in PHP8.1.
Would show when APP_URL was not set, adding extra confusiion.
2022-05-11 16:47:09 +01:00
Dan Brown
934a833818 Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00
Dan Brown
1420f239fc Made session cookie path dynamic based on APP_URL 2021-03-16 13:03:07 +00:00
ckleemann
3fc935d4bb
Introduce an env variable for the Session Cookie Path 2021-02-20 14:25:28 +01:00
Dan Brown
92922288dd
Added iframe CSP, improved session cookie security
Added iframe CSP headers with configuration via .env.
Updated session cookies to be lax by default, dynamically changing to
none when iframes configured to allow third-party control.
Updated cookie security to be auto-secure if a https APP_URL is set.

Related to #2427 and #2207.
2021-01-02 02:43:50 +00:00
Dan Brown
6917ea088f
Upgraded app to Laravel 5.7 2019-09-06 23:36:16 +01:00
Dan Brown
97fdfa6ebe
Moved config dir into app dir
Closes #1506
2019-07-06 13:44:50 +01:00
Renamed from config/session.php (Browse further)